Jump to content

[Feature Request] BB acting as dvd drive to auto run scripts


Recommended Posts

I was scrolling through some forums trying to figure out a silent way to run scripts, and I found someone talking about how you can setup a file on the disk that windows will automatically run as soon as it finds the file. I can see this being an awesome feature / ability to have, where instead of having to open up the run dialogue and printing code, the victim already has instructions to run a predefined file on the BB.

I'm assuming you could spoof a dvd drive the same way you could a keyboard, or a mass storage device, but there might be complications seeing as most dvd drives are hard wired into computers and don't connect through usb. I know some machines come setup to ask you what you want to do with the disk, but I've used several computers that don't require you to do anything, and the auto run programs on the disks will just run.

Anyways, I think if this could happen, this would be a huge advantage and we'd be able run scripts soo easily on victims.

Link to comment
Share on other sites

If you are talking about autorun.inf you can use it on USB keys as well, mostly XP is the only thing set to auto run the file actions by default, vista+ it starts asking you when it detects it.

On one of the recent episodes of Hak5 they were mentioning adding cd-rom support to emulate disc drives and it's not uncommon to see disc drives as USB devices, actually my dvd burner is USB because I need the sata ports for hard drives.


  • Upvote 1
Link to comment
Share on other sites

 Also, on most systems Win7 and above you get prompted if you want to run the autorun file.  So, you you will need HID anyway to tell it to run.  At that point you might as well do usb storage and HID run it or try one of the network delivery methods.  I am always down for variety though.

Link to comment
Share on other sites

Some corporate windows environments let you write to a usb dvd drive normally but require usb memory sticks and hard drives to be encrypted before you can write to them, otherwise they are read only. So theoretically in that situation any flash storage that looks like a dvd is a possible unchecked exfil vector.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...